Users claimed that their accounts were hacked within hours of the streaming service going live with the error message saying that their password was wrong.
Days after Disney’s streaming service, Disney Plus, was launched on November 12, thousands of users reported that their accounts were hacked and offered for sale on underground cybercrime forums.
The users claimed that their accounts were hacked within hours of the streaming service going live. Customers were saying they’d been locked out of their accounts, the error message saying their password was wrong.
Responding to such reports, Disney said that only a “small percentage” of the service’s 10 million-plus users have seen their usernames and passwords compromised and that Disney Plus systems were not breached by hackers.
“We have found no evidence of a security breach,” a Disney representative said when BroadcastPro ME reached out to the company for a statement. “We continuously audit our security systems and when we find an attempted suspicious login, we proactively lock the associated user account and direct the user to select a new password.”
The company further said: “We have seen a very small percentage of users in this situation and encourage any users who are having these kind of issues to reach out to our customer support so we can help them.”
Tech-news site ZDNet’s investigation revealed the hacked accounts were being offered for free on hacking forums or available for $3-$11 per account. A Disney Plus subscription costs $7 a month.
It’s not clear how the credentials were poached, but the speculation is hackers “gained access to accounts by using email and password combos leaked at other sites” or by using key-logging malware, as per the ZDNet report.
Disney pointed out that that the problem of cybercriminals stealing usernames and passwords isn’t unique to Disney Plus, and said: “Billions of usernames and passwords leaked from previous breaches at other companies, pre-dating the launch of Disney+, are being sold on the web.”
Amazon Prime, Hulu and Netflix have long faced similar struggles with hackers hawking accounts online or giving them away.
